Back to search
CVE-2017-8000
Published: Jul 17, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.
| Vendor | Product | Versions |
|---|---|---|
n/a | RSA Authentication Manager 8.2 SP1 and earlier | affected RSA Authentication Manager 8.2 SP1 and earlier |
References
1038878
vdb-entry
x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2017/Jul/25
x_refsource_CONFIRM
99572
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now